package com.sxt.realm;

import java.util.ArrayList;
import java.util.List;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import com.sxt.domain.Permission;
import com.sxt.domain.Role;
import com.sxt.domain.User;
import com.sxt.service.PermissionService;
import com.sxt.service.RoleService;
import com.sxt.service.UserService;
import com.sxt.vo.ActiverUser;

@Component
public class UserRealm extends AuthorizingRealm {

	@Autowired
	private UserService userService;
	@Autowired
	private RoleService roleService;
	@Autowired
	private PermissionService permissionService;

	@Override
	public String getName() {
		return this.getClass().getSimpleName();
	}

	/*
	 * 认证
	 */
	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
		String username = token.getPrincipal().toString();
		// 1.根据用户名去数据库里面查询
		User user = this.userService.queryUserByUserName(username);
		// 2.判断
		if (null != user) {
			// 取密码
			String userpwd = user.getUserpwd();
			// 根据用户ID查询用户拥有的权限
			List<Role> roles = this.roleService.queryRolesByUserId(user.getUserid());
			// 根据用户的id查找用户所有的权限
			List<Permission> permissions = this.permissionService.queryPermissionsByUserId(user.getUserid());
			// 创建当前活动对象的
			ActiverUser activerUser = new ActiverUser();
			activerUser.setCurrentUser(user);
			// 组装角色
			List<String> strRoles = new ArrayList<>();
			for (Role r : roles) {
				strRoles.add(r.getRolename());
			}
			// 组装权限
			List<String> strPermissions = new ArrayList<>();
			for (Permission p : permissions) {
				strPermissions.add(p.getPercode());
			}
			activerUser.setPermission(strPermissions);
			activerUser.setRole(strRoles);
			// 使用用户名和地址加盐
			ByteSource credentialsSalt = ByteSource.Util.bytes(user.getUsername() + user.getAddress());
			AuthenticationInfo info = new SimpleAuthenticationInfo(activerUser, userpwd, credentialsSalt, getName());
			return info;
		}
		return null;
	}

	/*
	 * 授权
	 */
	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection collection) {
		// 是SimpleAuthenticationInfo构造方法里面的第一个参数
		ActiverUser user = (ActiverUser) collection.getPrimaryPrincipal();
		SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
		// 添加角色不能添加空的集合到角色里面
		if (user.getRole() != null && user.getRole().size() > 0) {
			info.addRoles(user.getRole());
		}
		// 添加权限
		if (user.getPermission() != null && user.getPermission().size() > 0) {
			info.addStringPermissions(user.getPermission());
		}
		return info;
	}
}
